In a warning posted to a company blog, Microsoft’s president, Brad Smith, called the recent cyberattack using SolarWinds software “a moment of reckoning,” urging a U.S. and global response.
“This is not ‘espionage as usual,’ even in the digital age,” Smith wrote. “Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world. In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency.”
The attackers tampered with updates from SolarWinds, which makes network monitoring software, in order to penetrate systems using that software. They are believed to have accessed numerous U.S. government systems, including at the Pentagon and the Commerce and Energy departments, as well as private-sector systems such as those used by security company FireEye. Federal investigators have said the attack is likely tied to Russia, although Smith doesn’t accuse any particular nation in his blog post.
He called for new international rules and cooperation to take on hackers and regulate companies that make hacking tools, saying that cyberattacks go beyond traditional spycraft in how they can endanger security across the public and private sectors. President-elect Joe Biden has already said he will attempt to impose “substantial costs” on whoever is responsible for the attacks and work to prevent digital attacks.
“The defense of democracy requires that governments and technology companies work together in new and important ways—to share information, strengthen defenses, and respond to attacks,” Smith wrote. “As we put 2020 behind us, the new year provides a new opportunity to move forward on all these fronts.”